#!/usr/bin/env bash
set -eu

PGVER=17
CONF="/etc/postgresql/${PGVER}/main/postgresql.conf"
HBA="/etc/postgresql/${PGVER}/main/pg_hba.conf"
APP_USER="eva_mem_app"
DB_NAME="eva_memory"
APP_PASS="$(openssl rand -base64 24 | tr -dc 'A-Za-z0-9@#%+=' | cut -c1-24)"

sed -i "s/^#\?listen_addresses.*/listen_addresses = '0.0.0.0'/" "$CONF"
if ! grep -q "eva_memory access" "$HBA"; then
  cat >> "$HBA" <<'EOFHBA'
# eva_memory access
host    all             all             127.0.0.1/32            scram-sha-256
host    all             all             192.168.0.8/32          scram-sha-256
EOFHBA
fi
systemctl restart postgresql

if su - postgres -c "psql -tAc \"SELECT 1 FROM pg_roles WHERE rolname='${APP_USER}'\"" | grep -q 1; then
  su - postgres -c "psql -v ON_ERROR_STOP=1 -c \"ALTER ROLE ${APP_USER} WITH PASSWORD '${APP_PASS}';\""
else
  su - postgres -c "psql -v ON_ERROR_STOP=1 -c \"CREATE ROLE ${APP_USER} LOGIN PASSWORD '${APP_PASS}';\""
fi

if ! su - postgres -c "psql -tAc \"SELECT 1 FROM pg_database WHERE datname='${DB_NAME}'\"" | grep -q 1; then
  su - postgres -c "createdb -O ${APP_USER} ${DB_NAME}"
fi

su - postgres -c "psql -d ${DB_NAME} -v ON_ERROR_STOP=1 <<'SQL'
CREATE EXTENSION IF NOT EXISTS vector;
CREATE TABLE IF NOT EXISTS mem_items (
  id BIGSERIAL PRIMARY KEY,
  item_type TEXT NOT NULL,
  title TEXT,
  content TEXT NOT NULL,
  tags TEXT[] DEFAULT '{}',
  source_path TEXT,
  created_at TIMESTAMPTZ DEFAULT now(),
  updated_at TIMESTAMPTZ DEFAULT now()
);
CREATE TABLE IF NOT EXISTS mem_vectors (
  item_id BIGINT PRIMARY KEY REFERENCES mem_items(id) ON DELETE CASCADE,
  embedding vector(1536),
  model TEXT,
  created_at TIMESTAMPTZ DEFAULT now()
);
CREATE INDEX IF NOT EXISTS idx_mem_items_type ON mem_items(item_type);
CREATE INDEX IF NOT EXISTS idx_mem_items_updated ON mem_items(updated_at DESC);
SQL"

su - postgres -c "psql -d ${DB_NAME} -v ON_ERROR_STOP=1 <<SQL
GRANT CONNECT ON DATABASE ${DB_NAME} TO ${APP_USER};
GRANT USAGE ON SCHEMA public TO ${APP_USER};
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO ${APP_USER};
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO ${APP_USER};
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO ${APP_USER};
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO ${APP_USER};
SQL"

install -m 700 -d /etc/eva-memory
cat > /etc/eva-memory/connection.env <<EOF
DB_HOST=192.168.0.135
DB_PORT=5432
DB_NAME=${DB_NAME}
DB_USER=${APP_USER}
DB_PASS=${APP_PASS}
EOF
chmod 600 /etc/eva-memory/connection.env

echo "DONE"
echo "DB_HOST=192.168.0.135"
echo "DB_PORT=5432"
echo "DB_NAME=${DB_NAME}"
echo "DB_USER=${APP_USER}"